Computer Security


ZoneAlarm personal firewall multiple security vulnerabilities
updated since 17.04.2007
Published:02.05.2007
Source:
SecurityVulns ID:7597
Type:local
Threat Level:5/10
Description:Insufficient argument validation for hooked functions allows privilege escalation.
Affected:ZONELABS : ZoneAlarm Pro 6.5
CVE:CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.)
 CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.)
Original document:Matousec - Transparent security Research, ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability (02.05.2007)
 Reversemode, [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation (24.04.2007)
 IDEFENSE, iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability (21.04.2007)
 Matousec - Transparent security Research, ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability (17.04.2007)

Yate VoIP server DoS
Published:02.05.2007
Source:
SecurityVulns ID:7654
Type:remote
Threat Level:5/10
Description:NULL pointer dereference on absent "purpose" parameter of SIP "Call-Info" header.
Affected:YATE : Yate 1.1
CVE:CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.)
Original document:no-reply_(at)_radware.com, Radware Security Advisory - Yate 1.1.0 Denial of Service Vulnerability (02.05.2007)

VMWare host system files access directory traversal
updated since 02.05.2007
Published:02.05.2007
Source:
SecurityVulns ID:7655
Type:local
Threat Level:6/10
Description:Because of a directory traversal in the "Shared folders" option, it is possible to access files of the host system from the guest system.
Affected:VMWARE : VMware Workstation 5.5
CVE:CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.)
Original document:IDEFENSE, iDefense Security Advisory 04.27.07: VMware Workstation Shared Folders Directory Traversal Vulnerability (02.05.2007)

HP Power Manager Remote Agent privilege escalation
Published:02.05.2007
Source:
SecurityVulns ID:7657
Type:local
Threat Level:5/10
CVE:CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02197 SSRT061285 rev.1 - HP-UX Running HP Power Manager Remote Agent (RA), Local Execution of Arbitrary Code with Root Privileges (02.05.2007)

Aventail Connect SSL VPN Client Buffer Overflow
Published:02.05.2007
Source:
SecurityVulns ID:7658
Type:client
Threat Level:5/10
Description:Buffer overflow in gethostbyname() family functions hooked through LSP on an oversized hostname in any application.
Affected:AVENTAIL : Aventail Connect 5.1
Original document:Thomas Pollet, [Full-disclosure] Aventail Connect SSL VPN Client Buffer Overflow (02.05.2007)

WinAMP memory corruption
Published:02.05.2007
Source:
SecurityVulns ID:7659
Type:client
Threat Level:6/10
Description:Buffer overflow when parsing an .MP4 file.
Affected:NULLSOFT : WinAMP 5.34
CVE:CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.)
Files:Winamp <= 5.34 .MP4 File Code Execution

Office Viewer OCX multiple security vulnerabilities
Published:02.05.2007
Source:
SecurityVulns ID:7660
Type:client
Threat Level:5/10
Description:Multiple buffer overflows in different methods.
Affected:OFFICEOCX : Office Viewer OCX 3.2
CVE:CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.)
 CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.)
Files:PowerPointViewer.ocx v. 3.1.0.3 multiple methods Denial of Service

Trillian instant messenger multiple security vulnerabilities
updated since 02.05.2007
Published:19.05.2007
Source:
SecurityVulns ID:7656
Type:remote
Threat Level:6/10
Description:Multiple security vulnerabilities in IRC handling lead to information leaks and buffer overflows. Buffer overflows in Rendezvous and XMPP protocol parsing.
CVE:CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.)
 CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.)
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.)
Original document:ZDI, TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption (04.05.2007)
 IDEFENSE, iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities (02.05.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod